mirror of
https://github.com/samba-team/samba.git
synced 2024-12-22 13:34:15 +03:00
winbindd: use passdb backend for well-known SIDs
On a DC well-known SIDs like S-1-1-0 (everyone) *must* be handled by the local domain, otherwise something simple like this fails with WBC_ERR_DOMAIN_NOT_FOUND: $ make testenv SELFTEST_TESTENV=nt4_dc SCREEN=1 localnt4dc2$ ./bin/wbinfo --sid-to-name S-1-1-0 failed to call wbcLookupSid: WBC_ERR_DOMAIN_NOT_FOUND Could not lookup sid S-1-1-0 On a member server asking our DC works and is what we're currently doing, but changing it to ask passdb avoids the overhead. Bug: https://bugzilla.samba.org/show_bug.cgi?id=12727 Signed-off-by: Ralph Boehme <slow@samba.org> Reviewed-by: Jeremy Allison <jra@samba.org>
This commit is contained in:
parent
3a9ea1873c
commit
6b7a14b4b9
@ -22,14 +22,12 @@
|
||||
^samba3.raw.samba3hide.samba3hide\((nt4_dc|ad_dc)\) # This test fails against an smbd environment with NT ACLs enabled
|
||||
^samba3.raw.samba3closeerr.samba3closeerr\(nt4_dc\) # This test fails against an smbd environment with NT ACLs enabled
|
||||
^samba3.raw.acls nfs4acl_xattr-simple.INHERITFLAGS\(nt4_dc\) # This (and the follow nfs4acl_xattr tests fail because our NFSv4 backend isn't a complete mapping yet.
|
||||
^samba3.raw.acls nfs4acl_xattr-simple.sd\(nt4_dc\)
|
||||
^samba3.raw.acls nfs4acl_xattr-simple.create_file\(nt4_dc\)
|
||||
^samba3.raw.acls nfs4acl_xattr-simple.create_dir\(nt4_dc\)
|
||||
^samba3.raw.acls nfs4acl_xattr-simple.nulldacl\(nt4_dc\)
|
||||
^samba3.raw.acls nfs4acl_xattr-simple.generic\(nt4_dc\)
|
||||
^samba3.raw.acls nfs4acl_xattr-simple.inheritance\(nt4_dc\)
|
||||
^samba3.raw.acls nfs4acl_xattr-special.INHERITFLAGS\(nt4_dc\)
|
||||
^samba3.raw.acls nfs4acl_xattr-special.sd\(nt4_dc\)
|
||||
^samba3.raw.acls nfs4acl_xattr-special.create_file\(nt4_dc\)
|
||||
^samba3.raw.acls nfs4acl_xattr-special.create_dir\(nt4_dc\)
|
||||
^samba3.raw.acls nfs4acl_xattr-special.nulldacl\(nt4_dc\)
|
||||
|
@ -1009,12 +1009,19 @@ struct winbindd_domain *find_our_domain(void)
|
||||
|
||||
struct winbindd_domain *find_lookup_domain_from_sid(const struct dom_sid *sid)
|
||||
{
|
||||
/* SIDs in the S-1-22-{1,2} domain should be handled by our passdb */
|
||||
DBG_DEBUG("SID [%s]\n", sid_string_dbg(sid));
|
||||
|
||||
/*
|
||||
* SIDs in the S-1-22-{1,2} domain and well-known SIDs should be handled
|
||||
* by our passdb.
|
||||
*/
|
||||
|
||||
if ( sid_check_is_in_unix_groups(sid) ||
|
||||
sid_check_is_unix_groups(sid) ||
|
||||
sid_check_is_in_unix_users(sid) ||
|
||||
sid_check_is_unix_users(sid) )
|
||||
sid_check_is_unix_users(sid) ||
|
||||
sid_check_is_wellknown_domain(sid, NULL) ||
|
||||
sid_check_is_in_wellknown_domain(sid) )
|
||||
{
|
||||
return find_domain_from_sid(get_global_sam_sid());
|
||||
}
|
||||
@ -1023,8 +1030,6 @@ struct winbindd_domain *find_lookup_domain_from_sid(const struct dom_sid *sid)
|
||||
* one to contact the external DC's. On member servers the internal
|
||||
* domains are different: These are part of the local SAM. */
|
||||
|
||||
DEBUG(10, ("find_lookup_domain_from_sid(%s)\n", sid_string_dbg(sid)));
|
||||
|
||||
if (IS_DC || is_internal_domain(sid) || is_in_internal_domain(sid)) {
|
||||
DEBUG(10, ("calling find_domain_from_sid\n"));
|
||||
return find_domain_from_sid(sid);
|
||||
|
Loading…
Reference in New Issue
Block a user